Malware


Apple to Require Mac Apps to Be Sandboxed

Apple has informed developers that, as of March 2012, any app submitted to the Mac App Store will have to include a sandbox. The move is an intriguing one from Apple, which has kept a low profile on security and typically handles Mac security on its own.

Is .info the New .cc?

By Kurt BaumgartnerIn April, the .co.cc and .cz.cc sub-domains were absolutely littered with malware distributing web sites, and the unusually telling DNS registration setup on .co.cc and .cz.cc had forecast the previously upcoming Apple FakeAv. That DNS setup later led to FakeAv downloads for the Mac as forecast. But FakeAv distribution has been steadily declining since the beginning of the year, and a few related major events have occurred over the past six months. Blackhole operators have migrated to .info domains, along with other related malicious site operators. Have they pushed .info to become the new .cc?


The Poison Ivy malware kit is old. It was first seen in 2005, which makes it about 762 years old in Internet years. But that doesn’t mean it’s no longer useful, as evinced by the data collected by Microsoft in a new report on the tool, which shows that it is still in active use and is turning up on thousands of infected PCs.

Microsoft said that its looking into a reported zero day vulnerability in Windows that was used by the Duqu malware to spread, but isn’t committing to a patch for the problem in time for this months scheduled update.

The Black Hole exploit kit is really becoming a serious pain in the neck for people trying to use the Internet. At some point, it may become easier to start a list of the URLs that aren’t hosting the exploit kit, rather than the ones that are. For the time being, the latest entry in the latter category is a group of thousands of WordPress blogs that have been compromised and are now redirecting visitors to sites serving the Black Hole exploit kit.

A newly discovered installer for the Duqu malware includes an exploit for a previously unknown vulnerability in the Windows kernel that allows remote code execution. Microsoft is working on a fix for the kernel vulnerability right now. The exact location and nature of the flaw isn’t clear right now.

After tapering off, the Zeus Trojan has been staging a comeback over the last few months, possibly using a new infection routine that leverages Windows’ autorun feature even after a company update to limit infections that use it, according to research by Microsoft.